ISO 27001:2022 A.7.3 Securing offices, rooms and facilities

This article provides additional information on how you can meet the requirement of ISO 27001:2022 control A.7.3, Securing offices, rooms and facilities.

ISO 27001:2022 Control Description

Physical security for offices, rooms and facilities shall be designed and implemented.

Purpose

To prevent unauthorised physical access, damage, and interference to the organisation’s information and other associated assets in offices, rooms, and facilities.

Guidance on implementation

The following guidelines should be considered when securing offices, rooms, and facilities:

a) Siting critical facilities to avoid access by the public.

b) Where applicable, ensuring buildings are unobtrusive and give minimal indication of their purpose, with no obvious signs, outside or inside the building, identifying the presence of information processing activities.

c) Configuring facilities to prevent confidential information or activities from being visible or audible from the outside. Electromagnetic shielding should also be considered where appropriate.

d) Ensuring directories, internal telephone books, and online accessible maps that identify the locations of confidential information processing facilities are not readily available to any unauthorised person.